Security in the News

The Comprehensive National Cybersecurity Initiative

posted Feb 15, 2013, 7:06 AM by Justi Montague

In the 2013 State of the Union Address, President Obama outlined measures contained in his National Cybersecurity Initiative. The executive order details the following guidelines:

  1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
  2. Deploy an intrusion detection system of sensors across the Federal enterprise.
  3. Pursue deployment of intrusion prevention systems across the Federal enterprise.
  4. Coordinate and redirect research and development (R&D) efforts.
  5. Connect current cyber ops center to enhance situational awareness.
  6. Develop and implement a government-wide cyber counterintelligence (CI) plan.
  7. Increase the security of our classified networks.
  8. Expand cyber education.
  9. Define and develop enduring "leap-ahead" technology, strategies, and programs.
  10. Define and develop enduring deterrence strategies and programs.
  11. Develop a multi-pronged approach for global supply chain risk management.
  12. Define the Federal role for extending cyber security into critical infrastructure domains. 
For more information or to read the full executive order, view the PDF file below. 

Twitter hires St. Louis hacker to join its security team

posted Oct 9, 2012, 11:31 AM by Justi Montague

Charlie Miller, a well known hacker and computer security consultant, has joined the payroll of Twitter, where he will work for the security team. 
Miller, who lives in Wildwood, announced his new job Friday on his personal Twitter feed. 
"Monday I start on the security team at Twitter," Miller wrote. "Looking forward to working with a great team there!"
Miller, who worked for the National Security Agency in the past, has gained renown for his public demonstrations of security flaws in Apple products. In 2008 he won a $10,000 prize at the Pwn2Own hacking contest in Vancouver, Canada for breaking the security on Apple's Macbook Air in two minutes.
Twitter was co-founded by Jack Dorsey, a St. Louis native, and has had several breaches of security over the years, with hackers taking over the accounts of celebrities and national media organizations.
For example, last year hackers gained control of a Twitter feed for the Fox News cable channel and sent out false news alerts, including a tweet claiming that President Barack Obama was killed.

Big Businesses Walloped With Climbing Cybercrime Costs

posted Oct 9, 2012, 11:30 AM by Justi Montague

By John P. Mello Jr. 

Cybercrime costs continued to climb in 2012 according to a report released Monday by the Ponemon Institute. 

The study of 56 large organizations showed that the average annualized cost of cybercrime for businesses was US $8.9 million a year compared to $8.4 million a year ago. Losses for the firms ranged from one $1.4 million to $46 million.

Cyberattacks have become common occurrences, said the study. On a weekly basis, the businesses in the study were subjected to 102 successful attacks per week, or 1.8 successful attacks per company per week. 

Double Frequency
"In just two years the number of successful attacks has doubled, which is pretty incredible when you think about it," Michael Callahan, vice president for product and solution marketing for HP Enterprise Security, which sponsored the study, told TechNewsWorld.

 "You might expect the number of attacks to increase with the proliferation of botnets, but it's amazing that so many are successful, given the amount of attention that's being paid to security," he said.

One reason for the increase in successful attacks may be the sophistication of the attackers, according to Larry Ponemon, founder and chairman of the Ponemon Institute. "Some of the attacks have become much more complex to identify, and much more stealthy," he told TechNewsWorld. 

In addition, malicious insider attacks are occurring more frequently, he added. "Malicious insiders, working with external parties, can cause enormous amount of damage and when they're detected, they're hard to contain and remediate."

Hackers Attack White House
A spear-phishing attack on a White House computer network that did not contain classified information came to light last week. "These types of attacks are not infrequent and we have mitigation measures in place," an unnamed White House official was quoted as saying.

"In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place, " the official continued.  "Moreover, there was never any impact or attempted breach of any classified system,"

News of the attack broke on Sep. 30 when the Washington FreeBeacon, a conservative online news outlet, reported that hackers linked to the Chinese government broke into a computer network used by the White House military office for nuclear commands. 

Citing an official familiar with the incident, the FreeBeacon maintained that the breach was one of China's "most brazen cyberattacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyberattacks."

One security analyst, however, didn't find the spear phishing attack on the White House that bold all. "I don't think it's a sign they're getting bolder," Ira Victor, a digital forensics analyst with Data Clone Labs told TechNewsWorld. "They've been this bold before."

It's going to get worse, he contended. "There are hundreds of thousands of fledgling keyboard hawks now being groomed by the Chinese government to break into systems," he said.

A major international crackdown on scareware scammers was launched last week by the U.S. Federal Trade Commission. The agency targeted six companies in India selling phony technical support services to English-speaking countries, including the United States, Canada, Australia, Ireland, New Zealand, and the United Kingdom. 

According to the FTC, some of the scammers cold-called consumers posing as representatives from legitimate companies, such as Dell, Microsoft, McAfee, and Symantec. They told the consumers that malware had been detected on their computers and then offered to remove it for fees ranging from $49-$450.

In addition to the "boiler room" tactic used by five of the firms, a sixth used ads placed on Google search pages to sell their bogus services. 

To elude scam fighters, the phony malware removers used 80 different domain names and 130 different phone numbers, the FTC said. 

"The FTC has been aggressive--and successful--in its pursuit of tech-support scams," FTC Chairman Jon Leibowitz said in a statement. "And the tech-support scam artists we're talking about today have taken scareware to a whole other level of virtual mayhem."

1-3 of 3